Written by James McDonald

December 2, 2009

Update: 2hd.com.au appears to be clean now: the .cn server script includes are gone and Google is no longer warning you off when you go there.

Just tried to visit 2hd.com.au and I get this in Google Chrome:

I went to netcraft.com and it appears 2hd are running Windows 2003 and IIS 6.0. A recent article on the Sydney Morning Herald site describes something similar (a site serving malware from Chinese *.cn servers) happening to JB Hi-Fi, and JB appears to be running FreeBSD and Apache 1.3.x. So the OS isn’t a factor in this particular hack.

The JB Hi-Fi malware problem was reported to be due to a third-party ad server being compromised and then the JB servers unwittingly serving links to the bogus ads. So I wouldn’t be surprised if www.2hd.com.au has something similar happening. Of course this is an assumption.

To use a phrase from Meet the Fockers: no matter how secure your own server/s may be, you still need to make sure the servers in your “circle of trust” can be trusted also.

I remember a friend who worked for an Internet Serving company used to spend several hours a day combing through logs looking for suspicious activity. Looks like that sort of methodical inspection is required to stay ahead of potential security problems.
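
The “circle of trust” point can be checked mechanically: list every script, frame and embed a page pulls in and flag any host you have not explicitly approved. This is an added example, not part of the original post; the page markup, host names and allowlist below are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags whose URL attribute makes the browser fetch and run or render remote content.
INCLUDE_ATTRS = {"script": "src", "iframe": "src", "frame": "src",
                 "embed": "src", "object": "data"}

class IncludeCollector(HTMLParser):
    """Collects (tag, absolute URL) for every remote include on a page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.includes = []

    def handle_starttag(self, tag, attrs):
        attr = INCLUDE_ATTRS.get(tag)          # tag and attribute names arrive lowercased
        value = dict(attrs).get(attr) if attr else None
        if value:
            # Resolves relative and protocol-relative (//host/path) references.
            self.includes.append((tag, urljoin(self.page_url, value.strip())))

def host_trusted(host, trusted):
    # Exact match, or a subdomain matched on a dot boundary so that
    # "notstation.example" does not pass as "station.example".
    return any(host == t or host.endswith("." + t) for t in trusted)

def untrusted_includes(html, page_url, trusted):
    """Return (tag, host, url) for includes served from hosts outside the allowlist."""
    collector = IncludeCollector(page_url)
    collector.feed(html)
    findings = []
    for tag, url in collector.includes:
        host = (urlparse(url).hostname or "").lower()  # empty for data:/javascript: URLs
        if not host_trusted(host, trusted):
            findings.append((tag, host, url))
    return findings

# Constructed sample: one site-local script, one approved partner, two unknown hosts.
SAMPLE_URL = "https://www.station.example/"
TRUSTED = {"station.example", "cdn.partner.example"}
SAMPLE_HTML = """<html><head>
<script src="/js/site.js"></script>
<script src="//cdn.partner.example/lib.js"></script>
<script SRC="https://notstation.example/x.js"></script>
</head><body><iframe src="http://ads.unknown.example/banner.html"></iframe></body></html>"""

if __name__ == "__main__":
    for tag, host, url in untrusted_includes(SAMPLE_HTML, SAMPLE_URL, TRUSTED):
        print(f"UNTRUSTED <{tag}> from {host}: {url}")
```

Run against a saved copy of each page template on a schedule, a new host in the output is the cue to find out who added the include and why.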
